Pen Test Partners

The built-in Windows security features you should be using

TL;DR Introduction  It’s more common than you might think to miss built-in defences. Windows has a lot of features that help ...
pentestpartners.com

eyeDisk. Hacking the unhackable. Again

Last year, about the time we were messing around with a virtually unheard-of hardware wallet we got a bit excited about the word “unhackable”. Long story short, I ended up supporting a selection of ...
pentestpartners.com

Bypass SharePoint Restricted View to exfiltrate data using Copilot AI and more…

As Red Teamers, we often find information in SharePoint that can be useful for us in later attacks. As part of this we regularly want to download copies of the file, or parts of their contents. In ...
pentestpartners.com

Hacking the Mitsubishi Outlander PHEV hybrid

The Mitsubishi Outlander plug in hybrid electric vehicle (PHEV) is a big-selling family hybrid SUV. It has an electric range of up to 30 miles or so plus petrol range of another 250ish miles. We ...
pentestpartners.com

Pwning WordPress GraphQL

Third-party plugins are often the security Achilles heel of Content Management Systems (CMS). It seems like not a month goes by without one security researcher or another uncovers a vulnerability in a ...
pentestpartners.com

How we turned a real car into a Mario Kart controller by intercepting CAN data

If you went to our PTP Cyber Fest over the Infosec week you may have seen the PTP hack car being used as a games controller for the game SuperTuxKart (a free and open-source Mario Kart type game). You ...
pentestpartners.com

Reverse Engineering a 5g ‘Bioshield’

Six months ago the UK’s Glastonbury Town Council set up a 5g Advisory Committee to explore the safety of the technology, and last month the local paper reported their findings. This statement is in ...
pentestpartners.com

Turning an OBD-II reader into a USB / NFC attack tool

One of my favourite sorts of hardware hacking is making a device do something it was never intended for. It’s creative, disruptive, and fun. Everyone has their own way of going about things. Different ...
pentestpartners.com

Pen testing avionics under ED-203a

The aviation industry realised some time ago that taking a standard approach to the cyber security of its products was needed and that this was a specialist discipline. A family of documents was ...
pentestpartners.com

Hacking, tracking, stealing and sinking ships

At Infosecurity Europe this year, we demonstrated multiple methods to interrupt the shipping industry, several of which haven’t been demonstrated in public before, to our knowledge. Some of these ...
pentestpartners.com

Common Kubernetes misconfigurations and how to avoid them

Kubernetes has changed the way we deploy and scale workloads. It’s powerful, flexible, and very good at hiding a lot of complexity. It is also very good at hiding security problems until someone ...